Hello,
When I go to Kibana, I can see my filebeat events at Discovery tab. Nevertheless, if I go to SIEM > Timeline, I cannot see any of those events.
Anyone has any idea why is it happening?
Thank you in advance.
What queries are you using within SIEM > Timeline to show your events? Are you seeing anything at all if you do a wild card like this below?
*:*
Hi Frank.
Thanks for the response. I have already solved this error. The index didnt have the default indexes names, so I had to go to Management > Advanced Settings and add the index name to siem:defaultIndex field. After that, problem solved.
Thank you anyway.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.